Hi Team, I would like to know the career in CEH and also need details about SANS hacking. Do we get a good job for CEH in India? If so, what is the package? What is the role of CEH other than being a penetrating tester? Guidelines given by you will be greatly helpful to me.

Just to chime in a little. I know that English is most likely his second language, but to make sure, I wanted to clarify something for abcdadmin from the original post.

There is no such thing as a career in CEH. CEH stands for Certified Ethical Hacker. It is a certification and not a career.

Secondly, IMHO CEH doesn't even prepare you for being a Jr. Pen Tester, so asking what role is there other than that of a pen tester makes me think that you're under the impression that it prepares you for this. I hope you don't think that simply by passing the exam for CEH that you are ready for any career much less as a pen tester.

CEH has its place, but it's more of a toe in the water past general security.

This is my first posting here but I do feel the need to pitch in a bit on this topic to share my experience on pentesting and those certs.

After I did my CEH & ECSA certifications, I did find that opportunities in IT Sec opened up for me.

Got my first pen testing job because of the certs (the client wanted pentesters with a CEH) ... though it didn't prepare me enough for the real-life pentest situation.

I can't really disclose the details (signed an NDA) but my team and I had to pentest more than 50 servers for an organization, and though the certs did give tools and methodology on pentesting, I had to read and learn and learn and learn on my own ... especially when it came to report writing. After 5 hectic 10-hour days of pentesting plus another 5 days for report-writing, thankfully we managed to complete the pentest...

The experience was excellent though because it was real-life, not a lab and definitely not answering multiple choice. Had to do the whole drill - war driving, black-box pentesting, social engineering, testing & mapping the network, pwning the servers ... even to the point of DOSing 3 of them, though thankfully they weren't critical services.

So is it enough to have the 2 certs? Not really. After completing the certs, it's best to continue learning and reading up on security, latest vulnerabilities, new exploits, zero-days, etc ...

I consider the certs as a foundation to IT Sec and will continue to learn... whether the learning will lead to another certification or more practical experience ... it doesn't matter. Important thing is, you continue to update your knowledge.

Pentesting of course is not just pentesting servers, some clients might want you to test their websites, web applications, their mobile apps ... so be prepared ... no two pentests are the same ... which is what makes it thrilling ...

So my advice to the OP, yeah go get your certs ... but don't stop learning. You can't be a pentester by answering multiple choice Qs only. You've got to actually DO the pentest ... if you're given a small pentest job to start with, even if it's testing the security of your friend's new app ... go for it... do it, learn from it ... and you'll get better and be ready for the next pentest job.

So what's next for me? Maybe get one of those cloud security certs and of course, the coveted OSCP.